Controversial CISPA-Style Legislation Alive and Kicking

The Senate is apparently getting close to considering legislation that would enable the sharing of cyber threat intelligence and other information in real time, similar to the controversial Cyber Intelligence Sharing and Protection Act (CISPA) legislation proposed in the House.

Georgia Senator Saxby Chambliss said last week that he was “very close” to introducing legislation to encourage the private sector and government to share information on cyberattacks.

The main difference between the Senate’s bill and the House’s CISPA is who will be in charge of coordinating sharing efforts. CISPA designated the NSA as being the agency overseeing the program, while the Senate’s proposal will put forward the Department of Homeland Security, a civilian agency, as the main entity.

The NSA has been under fire for domestic spying and data collection on U.S. citizens ever since former contractor Edward Snowden leaked confidential documents outlining the agency’s extensive surveillance programs.

Designating the DHS as the agency in charge of the information sharing program could make the legislation more palatable and politically safer for Congress.

Should the Senate pass the legislation Chambliss is set to introduce, the bill would then need to be reconciled with the CISPA legislation in the House before being considered by the entire Congress.

“If we had not been interrupted by the NSA revelations by Mr. Snowden and the need for [Foreign Intelligence Surveillance Act] reform, I think we probably would have been there because that was next on our plate,” Chambliss said.

When we talk about who our “mentors” are, many assign the role to a former teacher, an omnipresent guru, a past or present boss, or someone else who played a significant role in our personal and professional development.

Our mentors are all around us, and we must open ourselves to the possibility that we can learn something of value from every person we meet and from every interaction we are party to.

There were two very interesting results of this informal survey of leading infosec pros regarding who they believe influenced them the most. The first was the fact that about half of the two-dozen or so respondents indicated they could not necessarily pinpoint anyone in their career development who they would describe as being their mentor.

In stark contrast, nearly as many who participated found it hard to narrow the field down to one or even just several individuals, and the passion with which they spoke of their mentors and the positive influence they had on their development was readily apparent.

Mike Dahn (@MikeD), Head of Data Security Relations at Square, offered the observation that “traditionally we look to individuals who are more advanced in their career to mentor us and act like a Sherpa guide who help us navigate the waters of life, career, family, and ourselves.”

“When people ask me for advice I often relay to them a story of something I’ve experienced but more often I tell them a story of someone who has impacted my life. I’m just the messenger, and that is how we should view mentorship,” Dahn continued.

In a similar vein, Josh Corman emphasized that a great mentor does not have to be someone who has the kind of job or skillset that one would want to emulate, but someone who possesses character elements that you admire and that are worthy of emulation.

We thought this subject important enough to share with you the responses from some well-known infosec thought leaders on who their mentors are and were, and exactly what those relationships meant to them.

We’ll start with Josh since he really understands the value of mentorship from both sides of the equation, both as a mentor and mentee, and was so moved by the topic suggestion that he picked up the phone and called me within five minutes of my emailing him the questions – the rest are simply in the order of their response…

Three key mentors who have influenced my career path and overall philosophy, though in reality there are many more. The first is Dan Geer, CISO at In-Q-Tel, and a Source Boston keynote speaker earlier this year.

Geer takes a thoroughly hard sciences approach to security, which appeals to part of me, particularly his emphasis on quality metrics, and his analogous comparisons of aspects of immunology to the art of information security are absolutely brilliant.

Though I have never worked with him directly, it’s Geer’s ability to analyze security issues through complex and rigorous methodologies that has led me to emulate him in many aspects of his work and in the various talks I have delivered over the years. I consider Geer to be my right brain.

The second is Richard Thieme (@NeuralCowboy), another Source Boston keynote speaker and an accomplished author who has a background rooted in spirituality, having been an ordained Episcopal priest who became interested in the impact technology has on religious beliefs and the concept of identity.

Thieme is truly one of a kind, especially in this field. Where Geer is my left brain, Thieme is most definitely his counterpart as my right brain. He is no less than the heart, soul and poet laureate of the security field, and he has deeply influenced my understanding of the more philosophical aspects of security, a field that many consider to be a wholly technical endeavor.

Rounding out my trio of mentors is Duncan Hoopes (@DuncRH), who conducts Security Management at IBM’s Tivoli Software. Hoopes is very Socratic in his thinking and in the way in which he engages the community, and has the uncanny ability to break down extremely complex issues in ways that make them more accessible to people with a less technical background, making him a very effective communicator. He has had a significant impact on my work, and inspired many of the key underlying aspects of my conception of Rugged DevOps and how it relates to The Theory of Constraints.